From 1f0ec59eb57e2d56280566a0b4257fae35ea0c82 Mon Sep 17 00:00:00 2001 From: sneak Date: Thu, 8 Jan 2026 07:38:44 -0800 Subject: [PATCH] Wire up auth routes and encrypted URL endpoint Add session manager and encurl generator to handlers. Register /, /logout, /generate, /v1/e/{token}, /static/* routes.
---
go.mod | 5 +++-- go.sum | 4 ++++ internal/handlers/handlers.go | 21 +++++++++++++++++++++ internal/server/routes.go | 14 ++++++++++++++ 4 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/go.mod b/go.mod
index 6c7a1f1..6869ea4 100644
--- a/go.mod
+++ b/go.mod
@@ -13,6 +13,7 @@ require (
 github.com/slok/go-http-metrics v0.13.0
 github.com/spf13/cobra v1.10.2
 go.uber.org/fx v1.24.0
+ golang.org/x/crypto v0.41.0
 golang.org/x/image v0.34.0
 modernc.org/sqlite v1.42.2
 )
@@ -54,7 +55,7 @@ require (
 github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 github.com/fatih/color v1.16.0 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 github.com/go-logr/logr v1.4.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
@@ -70,6 +71,7 @@ require (
 github.com/google/uuid v1.6.0 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
 github.com/googleapis/gax-go/v2 v2.14.2 // indirect
+ github.com/gorilla/securecookie v1.1.2 // indirect
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
 github.com/hashicorp/consul/api v1.32.1 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -124,7 +126,6 @@ require (
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
 go.yaml.in/yaml/v2 v2.4.2 // indirect
- golang.org/x/crypto v0.41.0 // indirect
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
 golang.org/x/net v0.43.0 // indirect
 golang.org/x/oauth2 v0.30.0 // indirect
diff --git a/go.sum b/go.sum
index a65d6fb..9e7e92d 100644
--- a/go.sum
+++ b/go.sum
@@ -108,6 +108,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/getsentry/sentry-go v0.40.0 h1:VTJMN9zbTvqDqPwheRVLcp0qcUcM+8eFivvGocAaSbo= github.com/getsentry/sentry-go v0.40.0/go.mod h1:eRXCoh3uvmjQLY6qu63BjUZnaBu5L5WhMV1RwYO8W5s= github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
@@ -172,6 +174,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go/v2 v2.14.2 h1:eBLnkZ9635krYIPD+ag1USrOAI0Nr0QYF3+/3GqO0k0= github.com/googleapis/gax-go/v2 v2.14.2/go.mod h1:ON64QhlJkhVtSqp4v1uaK92VyZ2gmvDQsweuyLV+8+w= +github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= +github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI= github.com/hashicorp/consul/api v1.32.1 h1:0+osr/3t/aZNAdJX558crU3PEjVrG4x6715aZHRgceE=
diff --git a/internal/handlers/handlers.go b/internal/handlers/handlers.go
index 48935a2..eac8d9a 100644
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -11,9 +11,11 @@ import (
 "go.uber.org/fx"
 "sneak.berlin/go/pixa/internal/config"
 "sneak.berlin/go/pixa/internal/database"
+ "sneak.berlin/go/pixa/internal/encurl"
 "sneak.berlin/go/pixa/internal/healthcheck"
 "sneak.berlin/go/pixa/internal/imgcache"
 "sneak.berlin/go/pixa/internal/logger"
+ "sneak.berlin/go/pixa/internal/session"
 )
 // Params defines dependencies for Handlers.
@@ -33,6 +35,8 @@ type Handlers struct {
 config *config.Config
 imgSvc *imgcache.Service
 imgCache *imgcache.Cache
+ sessMgr *session.Manager
+ encGen *encurl.Generator
 }
 // New creates a new Handlers instance.
@@ -91,6 +95,23 @@ func (s *Handlers) initImageService() error {
 s.imgSvc = svc
 s.log.Info("image service initialized")
+ // Initialize session manager and URL generator if signing key is configured
+ if s.config.SigningKey != "" {
+ sessMgr, err := session.NewManager(s.config.SigningKey, !s.config.Debug)
+ if err != nil {
+ return err
+ }
+ s.sessMgr = sessMgr
+
+ encGen, err := encurl.NewGenerator(s.config.SigningKey)
+ if err != nil {
+ return err
+ }
+ s.encGen = encGen
+
+ s.log.Info("session manager and URL generator initialized")
+ }
+
 return nil
 }
diff --git a/internal/server/routes.go b/internal/server/routes.go
index c8a6fd4..5d3c0d3 100644
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -7,6 +7,8 @@ import (
 "github.com/go-chi/chi/v5"
 "github.com/go-chi/chi/v5/middleware"
 "github.com/prometheus/client_golang/prometheus/promhttp"
+
+ "sneak.berlin/go/pixa/internal/static"
 )
 // SetupRoutes configures all HTTP routes.
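Review bot: In the initImageService hunk of internal/handlers/handlers.go, the same `s.config.SigningKey` is passed to both `session.NewManager` and `encurl.NewGenerator`, so one secret now protects session cookies and encrypted URL tokens on top of whatever it already signs. Unless both constructors derive their own subkeys internally, which this patch does not show, derive one key per purpose with a distinct label, for example with `golang.org/x/crypto/hkdf` now that the module is a direct dependency. When the key is empty, `s.sessMgr` and `s.encGen` stay nil, yet the SetupRoutes hunk in internal/server/routes.go registers `/`, `/logout`, `/generate` and `/v1/e/{token}` unconditionally, so those handlers need a nil check that fails closed (their bodies are not in this patch). A comment on the two struct fields such as `// nil when no signing key is configured; handlers must check before use` would record that contract. initImageService begins outside the hunk.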
@@ -38,10 +40,22 @@ func (s *Server) SetupRoutes() {
 // Robots.txt
 s.router.Get("/robots.txt", s.h.HandleRobotsTxt())
+ // Static files (Tailwind CSS, etc.)
+ s.router.Handle("/static/*", http.StripPrefix("/static/", static.Handler()))
+
+ // Login/generator UI
+ s.router.Get("/", s.h.HandleRoot())
+ s.router.Post("/", s.h.HandleRoot())
+ s.router.Get("/logout", s.h.HandleLogout())
+ s.router.Post("/generate", s.h.HandleGenerateURL())
+
 // Main image proxy route
 // /v1/image///x.
 s.router.Get("/v1/image/*", s.h.HandleImage())
+ // Encrypted image URL route
+ s.router.Get("/v1/e/{token}", s.h.HandleImageEnc())
+
 // Metrics endpoint with auth
 if s.config.MetricsUsername != "" {
 s.router.Group(func(r chi.Router) {
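Review bot: `s.router.Get("/logout", s.h.HandleLogout())` changes session state on a GET, which any cross-site link or embedded resource can trigger; register it as `s.router.Post("/logout", s.h.HandleLogout())` and submit it from a form. The POST routes for `/` and `/generate` are added with no CSRF or rate-limiting middleware visible in this hunk, so unless the handlers already cover it, the login form should get attempt throttling and both POSTs should require a CSRF token or a SameSite session cookie. SetupRoutes begins and ends outside the hunk, so middleware applied earlier in the function is not visible here.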